Python CGI security
Michael Ströder
michael at stroeder.com
Mon Jul 3 02:47:47 EDT 2000
"E. Jordan Bojar" wrote:
>
> I'm interested in running a series of Python scripts via the Apache Python
> module, mostly for dynamic content but possibly for password protection as
> well. Are there security issues particular to (or common with) Python
> CGIs,
> in the way that buffer overflow is so common to poorly-written Perl?
I tried to raise this topic here a couple of weeks ago but NO
RESPONSE! Afterwards I started a similar thread in
news:de.comp.security (german newsgroup). Regarding Python code a
guy mentioned that your Python code should avoid eval() and exec().
I'm not a C programmer at all and therefore I just naively used a
tool named ITS4: <URL: http://www.rstcorp.com/its4/> to find parts
in the Python interpreter which might have buffer overrun issues. I
would really like to have some discussion about the ITS4-output.
Ciao, Michael.
More information about the Python-list
mailing list